Export limit exceeded: 363504 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (6920 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1444 1 Webportal 1 Webportal Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter.
CVE-2007-6652 1 Xcms 1 Xcms 2026-04-23 N/A
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
CVE-2007-6649 1 Matpo Bilder Galerie 1 Matpo Bilder Galerie 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
CVE-2007-6632 1 Xml2owl 1 Xml2owl 2026-04-23 N/A
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter.
CVE-2007-5014 1 Derek Leung 1 Pslash 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php. NOTE: the modules/visitors2/include/config.inc.php vector is already covered by CVE-2006-4373. NOTE: vector 1 is disputed by CVE because PHP encounters a fatal instantiation error on a direct request for the file, before reaching the include statement.
CVE-2007-6568 1 Xzero Scripts 1 Xzero Community Classifieds 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
CVE-2007-6731 1 Claudio Matsuoka 1 Extended Module Player 2026-04-23 N/A
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
CVE-2006-5767 1 Drake Team 1 Drake Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
CVE-2007-5914 1 Jean Charles 1 Jbc Explorer 2026-04-23 N/A
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.
CVE-2007-5843 1 Scwiki 1 Scwiki 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter.
CVE-2007-5842 1 Vortex Portal 1 Vortex Portal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php.
CVE-2007-5841 1 Nuboard 1 Nuboard 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2007-5840 1 Syndeocms 1 Syndeocms 2026-04-23 N/A
PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2.
CVE-2007-5784 1 Caupo.net 1 Cauposhop Pro 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
CVE-2007-5783 1 Emagic-cms 1 Emagic Cms.net 2026-04-23 N/A
SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.
CVE-2007-5780 1 Telematic Lab 1 Teatro 2026-04-23 N/A
PHP remote file inclusion vulnerability in pub/pub08_comments.php in teatro 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
CVE-2007-5775 1 Bitdefender 3 Antivirus, Internet Security, Total Security 2026-04-23 9.8 Critical
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5772 1 Flatnuke3 1 Flatnuke3 2026-04-23 N/A
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.
CVE-2007-5741 1 Plone 1 Plone 2026-04-23 N/A
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
CVE-2007-5737 1 Ghlab 1 Korean Ghboard 2026-04-23 N/A
Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request.